COMP412 Computer Security Final Exam Booklet PDF

Document Details

Uploaded by Deleted User

Macao Polytechnic University

Macao Polytechnic University

Dr. Kim, Song-Kyoo (Amang)

Tags

computer security final exam security protocols computer science

Summary

This document is a final exam booklet for Computer Security (COMP412) at Macao Polytechnic University. It covers topics including security introduction, modern ciphers, public key encryption, authentication, key management, network security, number theory, and asymmetric key cryptography.

Full Transcript

COMP412: Computer Security Final Exam Booklet Dr. Kim, Song-Kyoo (Amang) Associate Professor,...

COMP412: Computer Security Final Exam Booklet Dr. Kim, Song-Kyoo (Amang) Associate Professor, Computer Science Program MACAO POLYTECHNIC UNIVERSITY Macau, SAR Faculty of Applied Sciences, Macao Polytechnic University, Macau, SAR Notice  This booklet is designed for helping students to prepare their final exam.  But it is noted that the booklet only partially covers the scope of the final exam.  Students should study more enough to cover all scope of the final exam on the top of this booklet. Faculty of Applied Sciences, Macao Polytechnic University, Macau, SAR 2/92 Final Exam Coverage  Knowledge based questions Before Mid term Security Introduction Modern Ciphers Public Key Encryption (RSA, DH-Key) After Mid term (more portion) Authentication / Biometric / ECG Key Management / PGP / IPsec / Wireless Network Security Final Exam Booklet  Practice based questions Number Theory; Asymmetric key cryptography (RSA); Faculty of Applied Sciences, Macao Polytechnic University, Macau, SAR 3/92 Core Summery Faculty of Applied Sciences, Macao Polytechnic University, Macau, SAR Definition of Computer Security (1/3)  Objectives of Computer Security (CIA triad) Faculty of Applied Sciences, Macao Polytechnic University, Macau, SAR 5/92 Definition of Computer Security (2/3)  Confidentiality Data confidentiality: Assures that private or confidential information is not made available or disclosed to unauthorized individuals. Privacy: Assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed. Faculty of Applied Sciences, Macao Polytechnic University, Macau, SAR 6/92 Definition of Computer Security (3/3)  Integrity Data integrity: Assures that information and programs are changed only in a specified and authorized manner. System integrity: Assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.  Availability Assures that systems work promptly and service is not denied to authorized users. Faculty of Applied Sciences, Macao Polytechnic University, Macau, SAR 7/92 X.800 Security Service (1/3)  Confidentiality protection of data from unauthorized disclosure  Integrity assurance that data received is as sent by an authorized entity  Authentication assurance that the communicating entity is the one claimed  Access Control prevention of the unauthorized use of a resource  Non-Repudiation protection against denial by one of the parties in a communication Faculty of Applied Sciences, Macao Polytechnic University, Macau, SAR 8/92 Hash Function  A hash function accepts a variable-size message M as input and produces a fixed-size hash code H(M), called a message digest, as output  The purpose of a hash function is to produce a “fingerprint” of a file, message or other block of data  Hash function is public and not keyed whereas MAC is keyed  It provides an error-detection capability (Integrity) To detect changes in messages  With an encryption on the hash value, it provides authentication as well (Digital signature) Faculty of Applied Sciences, Macao Polytechnic University, Macau, SAR 9/92 Security network architecture design (1/4)  Component type (Backup type I) (private and public) Data: authentication, multi-media, transaction data, … System (or services): demons, service servers, Infrastructure: telecommunication (routers, gateways, …), electronic power line, …  Standby type (Backup type II) Hot-standby: Recovered without booting/backup times Cold-standby: Booting/backup times are required.  Network type Intranet: private network (e.g., Isolation) Internet: cloud services (e.g., AWS) Faculty of Applied Sciences, Macao Polytechnic University, Macau, SAR 10/92 Feistel Cipher (2/2)  Feistel Example Block size (64 or 128 bits) larger gives more diffusion. Key size (128 bits): larger leads to more confusion. Number of rounds – 16 rounds Subkey generation & Round function F: should be complex Faculty of Applied Sciences, Macao Polytechnic University, Macau, SAR 11/92 Biometrics (18/20)  Retina Biometric (1/2) Blood vessel of retina Faculty of Applied Sciences, Macao Polytechnic University, Macau, SAR 12/92 Biometrics (19/20)  Retina Biometric (2/2) Advantages Low occurrence of false positives Extremely low (almost 0%) false negative rates Highly reliable because no two people have the same retinal pattern Speedy results: Identity of the subject is verified very quickly Disadvantages Measurement accuracy can be affected by a disease such as cataracts Measurement accuracy can also be affected by severe astigmatism Scanning procedure is perceived by some as invasive Subject being scanned must be very close to the camera optics High equipment cost Faculty of Applied Sciences, Macao Polytechnic University, Macau, SAR 13/92 Biometrics (9/20)  Biometric Overview Faculty of Applied Sciences, Macao Polytechnic University, Macau, SAR 14/92 Wired Equivalent Privacy (WEP)  Wi-Fi security standard in September of 1999  U.S. restrictions on the export of various cryptographic technology  64-bit only  Now the key size is up to 128-bit or 256-bit.  Numerous security flaws were discovered. WEP passwords can be cracked in minutes using freely available software.  Wi-Fi Alliance officially retired WEP in 2004. Faculty of Applied Sciences, Macao Polytechnic University, Macau, SAR 15/92 Wi-Fi Protected Access (WPA)  WPA was the Wi-Fi Alliance’s direct response and replacement to the increasingly apparent vulnerabilities of the WEP standa rd.  The key size of WPA-PSK (pre-shared key) is 256-bit.  WPA implemented with the temporal key integrity protocol (T KIP), which works as a wrapper of WEP.  TKIP uses RC4 as its basis.  Some improvement over WEP: A cryptographic message integrity check to protect packets An initialization-vector sequencing mechanism that includes hashin g, as opposed to WEP's plain text transmission A per-packet key-mixing function to increase cryptographic strength A re-keying mechanism to provide key generation every 10,000 pac kets. Faculty of Applied Sciences, Macao Polytechnic University, Macau, SAR 16/92 RSA Key Generation Summary  RSA Algorithm Faculty of Applied Sciences, Macao Polytechnic University, Macau, SAR 17/92 Disaster Recovery  IT managerial aspects of security Prevention: Minimum vulnerable operating system that can make hacking or viral destruction difficult. Defense: Any form of defense against an attack, once the wall is broken (e.g. antivirus software, firewalls) Disaster Recovery Management (contingency plan): The plan and actions when a damage has been rendered and a relevant back-up system is needed, along with repair of failed items or components.  Third category is the least explored area in the global security, even though there are some noticeable (but scattered) efforts. Faculty of Applied Sciences, Macao Polytechnic University, Macau, SAR 18/92 Security network architecture design  Component type (Backup type I) (private and public) Data: authentication, multi-media, transaction data, … System (or services): demons, service servers, Infrastructure: telecommunication (routers, gateways, …), electronic power line, …  Standby type (Backup type II) Hot-standby: Recovered without booting/backup times Cold-standby: Booting/backup times are required.  Network type Intranet: private network (e.g., Isolation) Internet: cloud services (e.g., AWS) Faculty of Applied Sciences, Macao Polytechnic University, Macau, SAR 19/92 Miscellaneous Faculty of Applied Sciences, Macao Polytechnic University, Macau, SAR Miscellaneous (1/4)  Security Attacks It is an any action that compromises the security of information owned by an organization.  Secure Socket Layer It provides basic security to various higher-layer protocols which consist of two layers above TCP.  Encipher The process of converting plaintext to ciphertext using a cipher and a key.  Decipher The process of converting ciphertext back into plaintext using a cipher and a key. Faculty of Applied Sciences, Macao Polytechnic University, Macau, SAR 21/92 Miscellaneous (2/4)  X.509 It is one of major standard for digital certificate which developed by ITU-T.  IPSec It provides a set of security algorithms and a general framework that allows a pair of secure communicating entities.  X.800 Security Architecture for Open System Interconnection (OSI) defines a systematic way of defining and providing security requirements. Faculty of Applied Sciences, Macao Polytechnic University, Macau, SAR 22/92 Miscellaneous (3/4)  Data confidentiality Assures that private or confidential information is not made available or disclosed to unauthorized individuals.  Privacy Assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed. Faculty of Applied Sciences, Macao Polytechnic University, Macau, SAR 23/92 Miscellaneous (4/4)  Birthday attack It gives higher probability to find pair with same hash when two sets of messages are compared.  Data confidentiality: Assures that private or confidential information is not made available or disclosed to unauthorized individuals. Faculty of Applied Sciences, Macao Polytechnic University, Macau, SAR 24/92 Faculty of Applied Sciences, Macao Polytechnic University, Macau, SAR 25/92

Use Quizgecko on...
Browser
Browser